Simon Bruder
abccb6f9e0
initrd-ssh: Make /boot only accessible for root
2023-12-31 17:31:17 +01:00
Simon Bruder
0318ca56f9
Use gpg-agent as ssh agent
2023-12-20 23:55:42 +01:00
Simon Bruder
9107ce034c
nitrokey: Init
2023-12-20 16:53:42 +01:00
Simon Bruder
cd47e1da97
qbittorrent: Fix DNS in systemd service
With the host’s nsswitch, it tries to query nscd, which fails as the
socket is inaccessible.
2023-12-17 18:03:40 +01:00
Simon Bruder
47998fddd0
media-proxy: Use subdomains instead of paths
This should help with isolating the different services.
2023-12-16 11:56:04 +01:00
Simon Bruder
80fcaab244
nginx: Make recommended settings global
2023-12-16 10:19:20 +01:00
Simon Bruder
e126adc38d
authoritative-dns: Migrate to settings
2023-12-02 18:54:48 +01:00
Simon Bruder
ba843ac8c0
Upgrade to 23.11
Flake lock file updates:
• Updated input 'bang-evaluator':
'git+https://git.sbruder.de/simon/bangs?ref=refs/heads/master&rev=7fc3d5019c907566abbad8f84ba9555a5786bd01' (2021-08-01)
→ 'git+https://git.sbruder.de/simon/bangs?ref=refs/heads/master&rev=a06c68c44862f74757a203e2df41ea83c33722d9' (2023-12-02)
• Updated input 'home-manager':
'github:nix-community/home-manager/04bac349d585c9df38d78e0285b780a140dc74a4' (2023-11-12)
→ 'github:nix-community/home-manager/aeb2232d7a32530d3448318790534d196bf9427a' (2023-11-24)
• Updated input 'home-manager-unstable':
'github:nix-community/home-manager/9a4725afa67db35cdf7be89f30527d745194cafa' (2023-11-19)
→ 'github:nix-community/home-manager/4a8545f5e737a6338814a4676dc8e18c7f43fc57' (2023-12-01)
• Updated input 'nix-pre-commit-hooks':
'github:cachix/pre-commit-hooks.nix/e558068cba67b23b4fbc5537173dbb43748a17e8' (2023-11-15)
→ 'github:cachix/pre-commit-hooks.nix/e5ee5c5f3844550c01d2131096c7271cec5e9b78' (2023-11-25)
• Updated input 'nixos-hardware':
'github:nixos/nixos-hardware/1721da31f9b30cbf4460c4ec5068b3b6174a4694' (2023-11-18)
→ 'github:nixos/nixos-hardware/8772491ed75f150f02552c60694e1beff9f46013' (2023-11-29)
• Updated input 'nixpkgs':
'github:nixos/nixpkgs/9fb122519e9cd465d532f736a98c1e1eb541ef6f' (2023-11-16)
→ 'github:nixos/nixpkgs/5de0b32be6e85dc1a9404c75131316e4ffbc634c' (2023-12-01)
• Updated input 'nixpkgs-overlay':
'git+https://git.sbruder.de/simon/nixpkgs-overlay?ref=refs/heads/master&rev=c8a17806a75733dec2ecdd8f0021c70d1f9dfc43' (2023-10-04)
→ 'git+https://git.sbruder.de/simon/nixpkgs-overlay?ref=refs/heads/master&rev=37f80d1593ab856372cc0da199f49565f3b05c71' (2023-12-02)
• Updated input 'nixpkgs-overlay/poetry2nix':
'github:nix-community/poetry2nix/093383b3d7fdd36846a7d84e128ca11865800538' (2023-09-22)
→ 'github:nix-community/poetry2nix/7acb78166a659d6afe9b043bb6fe5cb5e86bb75e' (2023-12-01)
• Updated input 'nixpkgs-overlay/poetry2nix/nix-github-actions':
'github:nix-community/nix-github-actions/165b1650b753316aa7f1787f3005a8d2da0f5301' (2023-07-09)
→ 'github:nix-community/nix-github-actions/4bb5e752616262457bc7ca5882192a564c0472d2' (2023-11-03)
• Added input 'nixpkgs-overlay/poetry2nix/systems':
'github:nix-systems/default/da67096a3b9bf56a91d16901293e51ba5b49a27e' (2023-04-09)
• Added input 'nixpkgs-overlay/poetry2nix/treefmt-nix':
'github:numtide/treefmt-nix/e82f32aa7f06bbbd56d7b12186d555223dc399d1' (2023-11-12)
• Added input 'nixpkgs-overlay/poetry2nix/treefmt-nix/nixpkgs':
follows 'nixpkgs-overlay/poetry2nix/nixpkgs'
• Updated input 'nixpkgs-unstable':
'github:nixos/nixpkgs/c757e9bd77b16ca2e03c89bf8bc9ecb28e0c06ad' (2023-11-17)
→ 'github:nixos/nixpkgs/e92039b55bcd58469325ded85d4f58dd5a4eaf58' (2023-11-29)
• Updated input 'sops-nix':
'github:Mic92/sops-nix/49a87c6c827ccd21c225531e30745a9a6464775c' (2023-11-19)
→ 'github:Mic92/sops-nix/e19071f9958c8da4f4347d3d78790d97e98ba22f' (2023-12-02)
• Updated input 'sops-nix/nixpkgs-stable':
'github:NixOS/nixpkgs/decdf666c833a325cb4417041a90681499e06a41' (2023-11-18)
→ 'github:NixOS/nixpkgs/dfb95385d21475da10b63da74ae96d89ab352431' (2023-11-25)
2023-12-02 18:54:42 +01:00
Simon Bruder
f39ce20c60
static-webserver: Init
This module makes it easier to configure static websites.
2023-11-25 12:36:23 +01:00
Simon Bruder
e897207daa
tools: Add rlwrap
2023-11-14 16:05:26 +01:00
Simon Bruder
1dc5b83380
pipewire: Enable jack
2023-11-12 01:00:25 +01:00
Simon Bruder
4f536a00d2
Switch home domain to shinonome-lab.de
When having DNSSEC activated (as is the case on sbruder.de), dnsmasq
interfering in queries for hosts on the LAN often causes problems.
This domain is specifically for the case of not having DNSSEC on it.
2023-10-27 23:54:56 +02:00
Simon Bruder
82d26cc548
dns: Do not log stats requests
2023-10-27 23:32:36 +02:00
Simon Bruder
af1d41ffda
dns: Add prometheus exporter
2023-10-26 01:18:17 +02:00
Simon Bruder
8519bada60
authoritative-dns: Init
2023-10-25 21:16:43 +02:00
Simon Bruder
dc3a17ffe0
wireguard/support: Remove DNS records for peers
For this use case, DNS is not very useful.
2023-10-23 19:38:00 +02:00
Simon Bruder
bb5937c686
vnstat: Use UTC in database
2023-10-15 17:07:16 +02:00
Simon Bruder
816004e80b
restic: Use QoS instead of uploadLimit
This implements a crude mechanism for signalling my router to add the
packets to its own qdisc.
The way in which this is implemented with nftables is hacky because of
NixOS’ limitations on build-time checking (which obviously can’t know
about the existence of cgroups on the target).
2023-10-07 22:49:47 +02:00
Simon Bruder
91eb90e9c3
Enable nftables by default
2023-10-07 13:50:18 +02:00
Simon Bruder
3e1cd23aea
tools: Use bandwhich from unstable
2023-10-04 23:42:01 +02:00
Simon Bruder
16c0472bb0
nazuna: Enable torrent
2023-10-04 23:19:44 +02:00
Simon Bruder
3a12a3f53a
qbittorrent: Avoid using nscd
2023-10-04 23:19:44 +02:00
Simon Bruder
7fc8a4694c
nazuna: Init
2023-10-04 23:19:44 +02:00
Simon Bruder
a39a2ba616
nix: Make nix-shell not fail on non-krops machines
Only krops stores the current configuration under /var/src/config.
As I use krops much less, this is not present on all machines.
2023-09-20 22:11:54 +02:00
Simon Bruder
287560e0fa
mpd: Add listenbrainz submitting
2023-09-19 12:23:38 +02:00
Simon Bruder
09a9037f1c
Revert "Disable systemd-resolved"
This reverts commit 38f815ecf1fa188d0a5a389f73bcd01177f9687c.
2023-09-12 15:00:51 +02:00
Simon Bruder
fcbd6806b9
Disable systemd-resolved
It always breaks things, makes debugging harder and in general does not
seem to make anything better.
2023-09-12 15:00:50 +02:00
Simon Bruder
30485e7d70
mailserver: Enable postscreen
2023-08-18 15:15:07 +02:00
Simon Bruder
08b2bac970
mailserver: Add ManageSieve
2023-08-01 15:19:24 +02:00
Simon Bruder
eb2e268377
unfree: Remove packages no longer in use
2023-07-22 15:14:58 +02:00
Simon Bruder
0767d44b45
tools: Install tio system-wide
2023-07-21 15:06:29 +02:00
Simon Bruder
1b44e31627
shinobu: Init
2023-07-01 12:37:12 +02:00
Simon Bruder
472ff64011
fuuko: Add SSD for hot storage
Adding a new PCIe device changes the names of the network interfaces, so
they need to be adapted.
2023-06-28 23:13:57 +02:00
Simon Bruder
13b8781c71
mullvad: Update relays
2023-06-25 12:04:43 +02:00
Simon Bruder
e99a45dba5
pipewire: Add support for Focusrite Scarlett Solo Gen 3
The headphone output of my Behringer UMC202HD had sporadic cutouts.
While short, they were quite annoying.
I hope this interface (which costs 50% more) will work better.
2023-06-08 20:11:00 +02:00
Simon Bruder
0e0bdf7c3e
Revert "pipewire: Add configuration for UMC202HD"
This reverts commit 5462768f19.
The new pipewire version from 23.05 automatically separates the inputs.
2023-06-03 18:34:12 +02:00
Simon Bruder
db391a3907
mailserver: Remove rejectSenders
This now gets handled by rspamd with a dynamic map.
2023-06-03 18:34:12 +02:00
Simon Bruder
5b39654159
mailserver: Separate into multiple files
2023-06-02 08:26:57 +02:00
Simon Bruder
f84e6d9bee
mailserver: Add option for autoconfig
2023-06-02 08:26:33 +02:00
Simon Bruder
21e139f313
mailserver: Allow using implicit TLS
The configuration dates back quite a bit and then STARTTLS was
considered the best option. However, with RFC 8314 from 2018, which now
recommends implicit TLS for IMAP and SMTP submission, this changed.
This allows using implicit TLS for those services. STARTTLS might become
deprecated and/or removed in the future.
2023-06-01 19:54:26 +02:00
Simon Bruder
e7fa0868ae
mailserver: Allow manually blocking sender domains
2023-06-01 19:54:26 +02:00
Simon Bruder
704f1e8d7f
fonts: Fix custom iosevka name
They no longer match the old name, only one that looks weird.
2023-06-01 19:54:25 +02:00
Simon Bruder
f9b6483fd6
grub: Remove version
2023-06-01 19:54:22 +02:00
Simon Bruder
1ec8a58921
Rename boot.cleanTmpDir
2023-06-01 19:54:22 +02:00
Simon Bruder
2f3d5c8b6b
Remove usage of nixFlakes
2023-06-01 19:54:22 +02:00
Simon Bruder
d43a2e51b5
ssh: Migrate to 23.05 format
2023-05-30 11:35:13 +02:00
Simon Bruder
5462768f19
pipewire: Add configuration for UMC202HD
This has some problems (as explained in the comment), but this at least
makes it work for now.
2023-05-25 20:27:07 +02:00
Simon Bruder
8a574b0417
mailserver: Add default mailboxes
This harmonizes the usage of directory names, and gives clients hints
about what mail should go where.
2023-05-14 20:42:15 +02:00
Simon Bruder
cc47b75704
okarin: Init
2023-05-06 11:39:31 +02:00
Simon Bruder
89bc09dcce
wireguard/home: Expose subnet
2023-05-06 11:39:31 +02:00